On Thu, Nov 5, 2015 at 6:53 AM, Richard Hipp <d...@sqlite.org> wrote:

> On 11/4/15, Eduard <eduard.c.dumitre...@gmail.com> wrote:
> > Hi Taras,
> >
> > I've had a very similar problem. I fixed it by setting the "HTTPS"
> > environment variable (for CGI execution) to "on" when the request comes
> > in through https, i.e.
> >
> > <If "%{HTTP:X-Forwarded-Proto} = 'https'">
> >   SetEnv HTTPS on
> > </If>
> >
> > You might want to remove the "<if>" part if you're only accepting https
> > anyway.
> >
> > I'm not sure whether this is the truly correct way to do it, but it sure
> > solved my problem.
> >
>
> Fossil depends on the HTTPS environment variable to know whether or
> not the inbound request was over http or https.  Without that
> environment variable, Fossil has no way of knowing, and hence has no
> way of knowing whether to generate http: or https: on generated
> hyperlinks.
>


In my Fossil server config (running as an inetd-style program behind
stunnel), I pass the '--https' flag and the '--host' parameter to fossil
when forking an instance.  This may give OP the desired effect.

Full stunnel config:

$ cat stunnel.conf
pid = /home/fossil/stunnel.pid
output = /home/fossil/stunnel.log
RNDfile = /home/fossil/randfile

[fossil-https]
accept = 10443
cert = /home/fossil/www.example.com.pem
key = /home/fossil/www.example.com.key
exec = /usr/local/bin/fossil
execargs = fossil http /home/fossil/my.fossil.db --https --host www.example.com

For completeness, here is the redirect rule to expose stunnel at port 443
(allowing stunnel to run as user 'fossil' rather than 'root'):

# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 31728 packets, 1886K bytes)
 pkts bytes target     prot opt in     out     source               destination
 5342  309K REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 10443


HTH,
Eric
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
